The Role of Cyber Volunteers in Helping the Healthcare Sector Respond to COVID-19 Cyberattacks

CyberPeace Institute

The exponential growth of COVID-19-related cyberattacks is posing a considerable threat to civil society, government institutions, industries at large, and most particularly, the healthcare sector. Despite a wake-up call following the WannaCry crisis, healthcare cybersecurity still lags. As a result, in this time of emergency, cyberattacks may not only have an economic and reputational cost, they may also have an impact on human life.   

Within this context, COVID-19 specific cyber volunteer initiatives have emerged to provide free assistance to healthcare organizations. This extra support may not just be a temporary and welcome development, evidencing the solidarity of the cybersecurity industry, but the outcome of an underlying trend. 

During every major cybersecurity incident, researchers and incident responders cooperate to find a vaccine, a patch, share indicators of compromise, or to help. As the frequency of these events increases, the need to structure their efforts becomes more apparent. Additionally, as is the case with COVID-19, this need becomes more critical the longer the crisis lasts.   

The need for actionable and agile cyber response at scale has already led many governments to look at creating cyber reserves to increase their internal capacity. For instance, the state of Michigan launched a cyber civilian corps a few years ago and the French ministry of defense created a cyberdefense reserve. These efforts highlight various governments’ response to the asymmetry of cyberattacks, where devastating impact can stem from a few lines of code.  

As such, cyber volunteer initiatives complement existing public and private cybersecurity assistance mechanisms. However, there are a number of important questions to ask regarding this new wave of initiatives, including the following:

Are these initiatives sustainable in the long run? What are the difficulties they face in structuring themselves, in building trust, in maintaining momentum?

From the perspective of those in need of cybersecurity advice, how do such initiatives fare compared to existing ones?

What are the challenges associated with bringing in third-party assistance in a very loose and agile regulatory, or contractual context?

How can existing technical, legal, and regulatory frameworks make space, welcome, reward, and even educate cyber volunteers?  

Together with key cybersecurity and healthcare professionals receiving or providing assistance in the context of COVID-19, we will discuss these points and questions, along with many others during our CyberPeace Lab on Wednesday 13th of May 2020, from 15:30pm until 17:00pm (CET). Check out details and register here.

The CyberPeace Institute is an independent, non-profit organization with the mission to enhance the stability of cyberspace. It does so by supporting vulnerable communities, analysing attacks collaboratively, and advancing responsible behaviour in cyberspace.

Copyright: The CyberPeace Institute

© Copyright 2023: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.


Support the CyberPeace Institute

Individual lives can be changed dramatically by the acts of cyber criminals. We need your support to assist victims of cyberattacks in the NGO, humanitarian and healthcare sectors.


Subscribe to our newsletter

Receive monthly news on what’s happening at the Institute: our impact, publications, events and important milestones.